I am hoping someone can throw me a life jacket on this small dilemma. I am trying to configure dual ISPs with an ASA. I have followed the guide: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml and the failover occurs seamlessly but I feel there is a step missing from the guide: dual NAT.
When the failover occurs traffic still dies at the ASA because it is unable to find a NAT pool for the backup ISP interface (and backup ISP IPs). And, I have yet to find a way to program a second NAT rule that falls over to that backup interface when the primary outside fails.
Help would be greatly appreciated!
Below is a diagram of the layout with both ISP router and active/standby ASAs for your reference:
With the guide you followed, you are running a version <8.3 on your ASA? Then you have to take your global commands and configure them again with the backup-interface and the IP-range that belongs to the backup ISP.
That is also mentioned in the guide:
global (outside) 1 interface
global (backup) 1 interface
nat (inside) 1 172.16.1.0 255.255.255.0
For the nat-statement you have two globals with the same NAT-ID pointing to both outgoing interfaces. The example works with interface-PAT, but you can use your NAT-range or PAT-IP instead of the keyword "interface".
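One way to check a pre-8.3 running-config for the gap discussed in this thread, as an added example that is not part of the original posts: it reports every dynamic NAT ID that has no matching global on an interface carrying a default route. The sample configs, their route lines and addresses (documentation ranges) are constructed, and missing_globals is a hypothetical helper name.

```python
import re

# Constructed pre-8.3 ASA config: the backup interface has a default route
# but no matching global, which is the failure described in the question.
SAMPLE_BROKEN = """\
global (outside) 1 interface
nat (inside) 1 172.16.1.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1 track 1
route backup 0.0.0.0 0.0.0.0 198.51.100.1 254
"""

# Same config with the second global from the answer added.
SAMPLE_FIXED = SAMPLE_BROKEN + "global (backup) 1 interface\n"

# Patterns assume the unabbreviated form that "show running-config" prints.
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) ", re.M)
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) ", re.M)
DEFAULT_ROUTE_RE = re.compile(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 ", re.M)


def missing_globals(config):
    """Return sorted (nat_id, egress_interface) pairs that lack a global."""
    # Every interface with a default route can become the egress after failover.
    egress = set(DEFAULT_ROUTE_RE.findall(config))
    have = {(int(nid), ifc) for ifc, nid in GLOBAL_RE.findall(config)}
    # NAT ID 0 is identity NAT / NAT exemption and never uses a global.
    nat_ids = {int(nid) for _, nid in NAT_RE.findall(config)} - {0}
    return sorted((nid, ifc) for nid in nat_ids for ifc in egress
                  if (nid, ifc) not in have)


if __name__ == "__main__":
    for name, cfg in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        gaps = missing_globals(cfg)
        if not gaps:
            print(f"{name}: every NAT ID has a global on each egress interface")
        for nat_id, ifc in gaps:
            print(f"{name}: NAT ID {nat_id} has no 'global ({ifc}) {nat_id} ...'")
```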